1. Field of the Invention
The present invention relates to a multi-hop wireless network system and an authentication method thereof.
2. Description of the Related Art
A multi-hop wireless network is a network into which an ad hoc network and an infrastructure-based network are integrated.
In the multi-hop wireless network, a portal such as a gateway is connected to a wired network, and multi-hop nodes are connected in a multi-hop structure. This multi-hop wireless network connects the multi-hop nodes over wireless links, which facilitates configuration of the network.
On the other hand, when a multi-hop node enters the multi-hop wireless network, mutual authentication with a base station (BS) or another multi-hop node should be performed to secure reliability.
When a mobile station (MS) accesses a multi-hop node, the presence of the multi-hop node should be transparent to the mobile station (MS), as if the mobile station (MS) were directly accessing the base station (BS).
The multi-hop wireless network should be able to authenticate the mobile station (MS) in place of the base station (BS) even when a multi-hop node provides a function for establishing a call connection by performing a direct routing operation with another multi-hop node without going through the base station (BS).
Current authentication technology is developing along two lines: a distributed authentication scheme, applied to an ad hoc network, that uses an authentication protocol based on an encryption algorithm of a symmetric key, a public key, and the like; and a centralized authentication scheme based on an authentication server (AS) in the Internet.
The multi-hop wireless network may apply the centralized authentication scheme in that a mobile portal (MP) can be connected to an infrastructure network. At the same time, the multi-hop wireless network follows ad hoc network characteristics in that mutual authentication between multi-hop nodes should be performed.
The current authentication technique uses an identifier (ID)/password method, a shared secret based symmetric key algorithm, a public key based algorithm, and a challenge-response based algorithm.
In the multi-hop wireless network, multi-hop nodes exchange information required for a multi-hop wireless network configuration. Using this information, routing information is shared to perform multi-hop routing.
The multi-hop wireless network forwards data through the multi-hop nodes in a multi-hop scheme. When a rogue mobile portal (MP) is present while the data is forwarded, multi-hop formation may not be correctly performed and therefore wrong routing information may be delivered.
For this reason, the multi-hop node may not detect a target destination node and a rogue multi-hop node may not forward data along a route even when routing is performed. This problem may also occur in an ad hoc network or a wireless mesh network.
When a multi-hop node initially enters the multi-hop wireless network, initial authentication is required. Hop-by-hop authentication is required to continuously exchange control information with neighbor nodes.
Since the multi-hop nodes configure the ad hoc network without help of the infrastructure, the centralized authentication technique for performing an authentication process in the authentication server (AS) may not be used.
Accordingly, there is a problem in that mutual authentication should be performed for reliability between multi-hop nodes joining the ad hoc network.
Authentication techniques available in the ad hoc network include a technique in which nodes share a verification key required for certificate verification using a threshold cryptography method, and a technique in which an authentication list is managed and shared by authenticating a correspondent node using a Pretty Good Privacy (PGP) method whenever the nodes are on the move.
On the other hand, the Institute of Electrical and Electronics Engineers (IEEE) 802.11s standard defines that hop-by-hop authentication with neighbor mesh nodes in contact with mesh nodes should be performed to authenticate the mesh nodes.
In the wireless mesh network based on the IEEE 802.11s standard, the distributed authentication technique and the centralized authentication technique for mutual authentication between mesh nodes are as follows.
Centralized authentication is a scheme in which, when authentication between mesh nodes is performed, a request for authenticating the correspondent node is sent to the authentication server (AS), and the authentication server (AS) performs the authentication verification. The two mesh nodes joining an authentication procedure each serve as an authenticator to authenticate the correspondent node, and each also serves as a supplicant to be authenticated by the correspondent node. The authentication server (AS), serving as a proxy, performs the authentication process and notifies the two mesh nodes of the result.
The distributed authentication is a scheme in which hop-by-hop authentication between mesh nodes is directly performed. To apply the distributed authentication, information required for authentication is shared in advance between the mesh nodes.
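The following is an added example, not part of the original text and not the IEEE 802.11s protocol itself: a minimal sketch of distributed hop-by-hop mutual authentication in which two neighbor nodes prove possession of a key shared in advance, with no authentication server (AS) involved. The class MeshNode, the node identifiers, and the HMAC-SHA256 challenge-response construction are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def _transcript(*fields: bytes) -> bytes:
    # Length-prefix each field so field boundaries are unambiguous.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

class MeshNode:
    """Hypothetical multi-hop node holding a key shared in advance with a neighbor."""

    def __init__(self, node_id: bytes, shared_key: bytes):
        self.node_id = node_id
        self.shared_key = shared_key
        self.nonce = b""

    def hello(self):
        # A fresh random challenge per handshake prevents replay of old proofs.
        self.nonce = secrets.token_bytes(16)
        return self.node_id, self.nonce

    def prove(self, peer_id: bytes, peer_nonce: bytes) -> bytes:
        # The prover's identity comes first, so a proof cannot be reflected
        # back to its sender and accepted as the peer's proof.
        msg = _transcript(self.node_id, peer_id, self.nonce, peer_nonce)
        return hmac.new(self.shared_key, msg, hashlib.sha256).digest()

    def verify(self, peer_id: bytes, peer_nonce: bytes, proof: bytes) -> bool:
        msg = _transcript(peer_id, self.node_id, peer_nonce, self.nonce)
        expected = hmac.new(self.shared_key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)  # constant-time compare

def mutual_authenticate(a: MeshNode, b: MeshNode):
    """Run both directions; returns (a accepts b, b accepts a)."""
    a_id, a_nonce = a.hello()
    b_id, b_nonce = b.hello()
    a_proof = a.prove(b_id, b_nonce)
    b_proof = b.prove(a_id, a_nonce)
    return a.verify(b_id, b_nonce, b_proof), b.verify(a_id, a_nonce, a_proof)

PSK = bytes(range(32))  # constructed sample key, shared in advance

if __name__ == "__main__":
    honest = mutual_authenticate(MeshNode(b"MP-1", PSK), MeshNode(b"MP-2", PSK))
    rogue = mutual_authenticate(MeshNode(b"MP-1", PSK), MeshNode(b"MP-2", b"x" * 32))
    print("honest neighbors:", honest, "| rogue claiming MP-2:", rogue)
```

The sketch shows why the scheme depends on the advance sharing step: a node that claims a valid identifier but lacks the shared key fails in both directions, while any node that does hold the key is accepted without further checks.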
However, in the centralized authentication scheme, the multi-hop node should be constantly connected to the authentication server (AS). In this case, there is a problem in that heavy load may occur in the authentication server (AS) when mutual authentication between all nodes of the network is performed, and the authentication procedure is time-consuming because the multi-hop node must access the authentication server (AS) at every authentication.
This centralized authentication scheme is not suitable for a multi-hop node, since the multi-hop node should frequently perform authentication with many nodes while mobile and should also process mobile station (MS) authentication between the mobile station (MS) and the base station (BS). There is a problem with transitive trust, since authentication between multi-hop nodes relies on the authentication server (AS). Also, there is a problem in that an authentication delay occurs, since the authentication server (AS) is accessed for authentication whenever a handoff occurs according to movement of a multi-hop node.
In the ad hoc network, secret information should be shared for authentication verification between multi-hop nodes. For this, a complex algorithm is used. Accordingly, there is a problem in that computational load occurs in the multi-hop nodes.
When the distributed authentication scheme is applied between nodes without an initial trust anchor, there is a problem with a rogue mobile terminal, an internal attack due to conspiracy of nodes inside the network, or scalability due to the increased number of nodes.
As described above, both the centralized authentication scheme and the distributed authentication scheme may be used in a multi-hop wireless network environment.
When only the centralized authentication scheme is applied to the multi-hop wireless network, there is a problem in that mutual authentication between multi-hop nodes relies on the authentication server (AS) and an authentication delay increases.
When only the distributed authentication scheme is applied to the multi-hop wireless network, there are problems with an operation for first sharing authentication verification information required for authentication between multi-hop nodes, an internal attack due to conspiracy of the multi-hop nodes, a rogue mobile portal (MP), and the like.